// legal

privacy policy

last updated: april 7, 2026

what we collect

when you sign in with github, we receive your public profile information (username, avatar URL) and an OAuth token scoped to read-only access of your public repositories. we store your commit messages to generate posts. we never access or store your source code.

how we use it

  • display your commits so you can select ones to generate posts from
  • generate AI-written social media posts based on commit messages
  • track usage counts to enforce plan limits
  • process payments via Dodo Payments if you upgrade to pro

data storage

your data is stored in Supabase (hosted on AWS). commit messages are cached to speed up the app. generated posts are stored in your history if you're on the pro plan. you can delete your account and all associated data from the settings page.

third parties

  • GitHub — OAuth authentication and commit data (read-only)
  • Google Gemini — AI post generation (commit messages are sent to generate content)
  • Dodo Payments — payment processing for pro subscriptions
  • Supabase — database and authentication

cookies

we use essential cookies for authentication (Supabase session tokens). we do not use tracking cookies or analytics.

your rights

you can revoke GitHub access at any time from your GitHub settings. you can delete your account and data from the app settings page. if you have questions, email hello@whatdidiactuallyship.com.